On May 30, 2016, Trend Micro released Critical Patch (CP) Build 6054 for OfficeScan 11.0 SP1, which includes several protection enhancements against ransomware. Customers are strongly encouraged to apply this CP as soon as possible to take advantage of the new features and enhancements.
Please note: the new build number for Servers is 6054, while the Agent Module is Build 6034. For simplicity, the entire CP will be referred to as Build 6054 throughout the remainder of this article but may apply to both the server and agent modules. For more details on the exact file changes, users may review the readme file linked at the end of the article.
Some of the key new enhancements in OfficeScan 11.0 SP1 CP Build 6054 include:
- Improved Behavior Monitoring program inspection components which will help detect and block suspected compromised executable files commonly found in ransomware attacks.
Recommended best practice settings for ransomware protection will be enabled by default after application of the CP, including:
- Enable Malware Behavior Blocking, with Known and potential threatsselected
- Protect documents against unauthorized encryption or modification
- Automatically back up files changed by suspicious programs*
Enable program inspection to detect and block compromised executable files (Server platforms excluded) *
Click image to enlarge.
Monitor newly encountered programs downloaded through HTTP or email applications (Server platforms excluded), with Prompt user before executing selected.
Click image to enlarge.
* Denotes new features added as part of CP Build 6054
In addition to the ransomware protection enhancements listed above, CP Build 6054 also addresses the recently disclosed OfficeScan Path Traversal vulnerability. More information on this vulnerability can be found in Knowledge Base Article 1114097.
Customers applying OfficeScan 11.0 SP1 CP build 6054, must first apply the following in order before applying the latest CP. All of these can be obtained from Trend Micro’s Download Center:
- OfficeScan 11.0 GM (Build 1028)
- OfficeScan 11.0 SP1 (Build 2995)
- OfficeScan 11.0 SP1 CP Build 4150 or later
The CP 6054 installer may return an error messaging if any of the above components are not currently installed.
Customers are encouraged to visit both our OfficeScan 11.0 SP1 Ransomware Protection Features KB article as well as our overall Ransomware Best Practices Configuration KB article for more information on Trend Micro’s recommendations on how to best deploy and configure Trend Micro solutions against the latest ransomware threats or contact Trend Micro Technical Support for further assistance.